Netsparker's Web Application Security Blog

The Problem of False Positives in Web Application Security and How to Tackle Them

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

This web application security blog post explains what False Positives are in web application security and what negative impact they have on web security experts. It also explains why common automated web security tools generate false positives and how Netsparker Web Application Security Scanner does not report any false positives at all.

Businesses Need Automated Web Application Security Scanners to Detect Web Vulnerabilities

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Robert Abela

This web application security article highlights the reasons why businesses should use automated web application security scanners such as Netsparker to identify all vulnerabilities in their web applications. Automated web application security scanners can identify vulnerabilities from the OWASP Top 10 and much more, which are typically exploited by malicious hackers.

Are Hackers a Step Ahead? An Analysis using Web Application Vulnerabilities

Category: Web Security Readings - Last Updated: Wed, 13 Sep 2017 - by Robert Abela

In this analysis the Netsparker team used Netsparker Web Application Security Scanner to scan a number of popular open source web applications and identify vulnerabilities in them. The results are very shocking and explain why malicious hackers are always a step ahead of website owners. A vulnerability statistics infographic was also generated from the results.

5 Lessons We Have Learnt from Netsparker Software Releases

Category: News - Last Updated: Thu, 02 Feb 2012 - by Ferruh Mavituna

In this blog post, Ferruh Mavituna explains what he and his team have learnt from the releases of Netsparker Web Application Security Scanner. Ferruh shares his experience of how everything is done, how the team works and how every decision, even a small one, might affect the whole release cycle of Netsparker.

How Netsparker Ensures False Positive Free Web Vulnerability Scans

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Ferruh Mavituna

This web application security blog post explains why false positives are one of the biggest problems of today's commercial web application vulnerability scanners and also explains what the Netsparker team is doing to ensure that Netsparker Web Application Security Scanner does not report false positives when doing a web application security scan.

XSS to Root in Apache Jira Incident

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Onur Yilmaz

In this blog post we explain how malicious hackers hacked into the Apache Foundation web servers and gained root access. They started by exploiting a cross-site scripting vulnerability in a web application called Jira. We scanned Jira with Netsparker and detected all of the vulnerabilities the malicious hackers exploited and more. This incident should serve as an example to all corporations to use Netsparker Web Application Security Scanner to identify and close down web application vulnerabilities.

WebRaider

Category: Web Security Readings - Last Updated: Sat, 27 Feb 2010 - by Ferruh Mavituna

WebRaider is a proof of concept tool to get a reverse shell from an SQL Injection with one request, without using any extra channels such as TFTP or FTP to upload the initial payload.

False Positive Free Scanning

Category: Web Security Readings - Last Updated: Mon, 22 May 2017 - by Ferruh Mavituna

When I tell someone that Netsparker is a False Positive Free web application security scanner, they'll stare at me and think "Well, yet another lunatic!" They never actually said that, but I can read it from their faces. They won't say much, assuming I'm a mad person who claims a scanner can avoid false positives, and since I'm a mad person, I can be dangerous. I assume that's why they generally choose to be silent after that claim!